Home

Risk Analysis of the Major Mobile Platforms

Introduction Smartphones constitute the largest digital attack surface in modern society - over half the global population and most people in the developed world own one. Mobile applications are heavily relied on for everything we do, be it communication, banking, media, navigation, photos, etc. The average person spends four to five hours a da...

Password Spraying with Selenium and Fireprox

Password spraying is an attack technique that brute-forces a small set of predictable passwords across a set of likely valid user accounts. Many applications employ account lockouts to mitigate the threat of dictionary attacks on their authentication portals. Suppose an attacker obtains a list of likely valid user accounts but cannot try many pa...

Building a Custom Baby Monitor for Fun and Sleep

Background My wife and I were in the market for a new baby monitor. We were looking for something that had a delay wake feature, where the monitor turns on after measuring an average noise level within a period, for example, 60 seconds. The monitor we used for our daughter’s first year was a HelloBaby - a non-wifi, radio-frequency paired camera...

IP Space Mapping Project

https://whoismap.benkofman.com Background When performing OSINT investigations, the Whois service is an invaluable tool in discovering who “owns” a particular IPv4, IPv6, or domain. For domain lookups, the Whois database tells you the registrar, registration date, and registrant contact information (often times proxied by privacy services and...

What is SEO Poisoning? (MITRE-ATT&CK TTP)

Tactic: Resource Development Technique: Stage Capabilities Purpose: To increase the number of successful Drive-by Compromise / Watering hole attacks from a malicious site by exploiting search engine ranking mechanisms and boosting the site in search results. Scenario Imagine a malicious domain “www.nomalwarehere.com”. On it there is a ske...